RFI Flashcards
DREAD
Quantifying risk by threat
Integrity protection encompasses…
More than just data: also the OS, applications, and hardware
DREAD + STRIDE
Threat modeling techniques
Categories of security investigations (3)
Public, Private, Individual
Linux file system that supports journaling
EXT4
Journaling file system consequence
Burns out the hard drive more easily
Each process starts with…
A single thread that can create more threads
A Windows job is…
A group of processes
Is a Signature ID an artifact of IPS/IDS events?
Yes
NetFlow templates provide
Backward compatibility on NetFlow-supporting systems
IPFIX uses which protocol
SCTP
SiLK, ELK, Graylog
Can be used for NetFlow analysis
NetFlow cache types (3)
Normal, Immediate, Permanent
IPFIX is based on which version of NetFlow?
9
Incident prioritization is part of which phase of the IR process?
Detection + Analysis
Cisco ATA
MSSP
PSIRT
Vendor CIRT
E-PHI
Electronic PHI
Deterministic analysis
You know and obtain facts about an incident
Activity attack graph useful for…
Highlighting attackers' preferences and alternative attack paths
First step in a forensic exercise
Collect and secure evidence
Syslog port
UDP 514
VERIS stands for
Vocabulary for Event Recording and Information Sharing
How many people should know about a cyber crime investigation?
As few people as possible